Bump the npm_and_yarn group across 1 directory with 23 updates #2

dependabot · 2025-06-03T07:19:15Z

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package	From	To
@octokit/request-error	`5.0.0`	`5.1.1`
express	`4.18.1`	`4.21.2`
http-proxy-middleware	`2.0.6`	`2.0.9`
next	`13.4.12`	`15.2.4`
sharp	`0.32.1`	`0.32.6`
@babel/helpers	`7.20.7`	`7.27.4`
@babel/runtime	`7.22.6`	`7.27.4`
@babel/traverse	`7.20.10`	`7.27.4`
braces	`3.0.2`	`3.0.3`
cookie	`0.4.1`	`0.7.1`
cookie-parser	`1.4.6`	`1.4.7`
follow-redirects	`1.15.2`	`1.15.9`
micromatch	`4.0.5`	`4.0.8`
axios	`0.27.2`	`1.9.0`
start-server-and-test	`2.0.0`	`2.0.12`
tar-fs	`2.1.1`	`2.1.3`

Updates @octokit/request-error from 5.0.0 to 5.1.1

Release notes

Sourced from @octokit/request-error's releases.

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

ReDos regex vulnerability, reported by @dayshift (12a14f0)

v5.1.0

5.1.0 (2024-04-05)

Bug Fixes

upgrade @octokit/types to v13 (3af20bd)

Features

security: Add provenance (#416) (94147e8)

v5.0.1

5.0.1 (2023-09-23)

Bug Fixes

deps: update dependency @octokit/types to v12 (#366) (590fc39)

Commits

b51ed27 test: ReDos regex vulnerability, reported by @dayshift
12a14f0 fix: ReDos regex vulnerability, reported by @dayshift
3af20bd fix: upgrade @octokit/types to v13
94147e8 feat(security): Add provenance (#416)
590fc39 fix(deps): update dependency @octokit/types to v12 (#366)
4b9c57e ci(action): update peter-evans/create-or-update-comment digest to 46da6c0
710afc3 ci(action): update peter-evans/create-or-update-comment digest to 1f6c514
c82c8ce ci(action): update peter-evans/create-or-update-comment digest to 223779b
ec24ead ci(action): update peter-evans/create-or-update-comment digest to 46846e5 (#362)
365f18d ci(action): update actions/checkout action to v4
Additional commits viewable in compare view

Updates express from 4.18.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

1faf228 4.21.2
2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
59fc270 deps: path-to-regexp@0.1.11 (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates http-proxy-middleware from 2.0.6 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

fix(fixRequestBody): check readableLength by @chimurai in chimurai/http-proxy-middleware#1097

chore(package): v2.0.9 by @chimurai in chimurai/http-proxy-middleware#1099

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

fix(fixRequestBody): prevent multiple .write() calls by @chimurai in chimurai/http-proxy-middleware#1090

fix(fixRequestBody): handle invalid request by @chimurai in chimurai/http-proxy-middleware#1091

chore(package): v2.0.8 by @chimurai in chimurai/http-proxy-middleware#1094

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

v2.0.7

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: chimurai/http-proxy-middleware@v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

fix(fixRequestBody): check readableLength

v2.0.8

fix(fixRequestBody): prevent multiple .write() calls

fix(fixRequestBody): handle invalid request

v2.0.7

ci(github actions): add publish.yml

fix(filter): handle errors

Commits

617a7c9 chore(package): v2.0.9 (#1099)
d22d587 fix(fixRequestBody): check readableLength (#1097)
d03d51b chore(package): v2.0.8 (#1094)
c50dd06 fix(fixRequestBody): handle invalid request (#1091)
76a9d8d fix(fixRequestBody): prevent multiple .write() calls (#1090)
1e92339 ci(github-actions): fix npm tag
90afb7c chore(package): v2.0.7
0b4274e fix(filter): handle errors
1bd6dd5 ci(github actions): add publish.yml
See full diff in compare view

Updates next from 13.4.12 to 15.2.4

Release notes

Sourced from next's releases.

v15.1.8

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: Merge link header from middleware with the ones from React (#73431)

fix(edge): run after() if request is cancelled mid-streaming (#76013)

gate segmentCache branch in base-server (#79505)

Credits

Huge thanks to @amannn, @lubieowoce, and @ztanner for helping!

v14.2.29

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Only share incremental cache for edge in next start (#79389)

Credits

Huge thanks to @ijjk for helping!

v14.2.28

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: node.js module import error when using middleware (#77945)

Credits

Huge thanks to @ztanner for helping!

v14.2.27

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix dynamic route interception not working when deployed with middleware (#64923)

Credits

Huge thanks to @ztanner for helping!

Commits

804aa35 v15.2.4
ecb72ee Match subrequest handling for edge and node (#77474)
25f810b exclude images and static media from dev origin check (#77417)
d9bcb83 ensure /__next middleware URLs are included in the origin check (#77416)
cfeaa86 remove direct ip/port bypass in dev origin check (#77414)
f847302 switch development origin verification to be opt-in rather than opt-out (#77395)
535e26d v15.2.3
2fcae1d Update default allowed origins list (#77212)
adf5462 unify allowed origin detection handling (#77053)
5e59da1 Add dev warning for cross-origin and stabilize allowedDevOrigins (#77044)
Additional commits viewable in compare view

Updates semver from 7.5.4 to 7.7.2

Release notes

Sourced from semver's releases.

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

fcafb61 #780 add missing 'use strict' directives (#780) (@Fdawgs)

c99f336 #781 prerelease identifier starting with digits (#781) (@mbtools)

Chores

c760403 #784 template-oss-apply for workflow permissions (#784) (@wraithgar)

2677f2a #778 bump @npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@dependabot[bot], @npm-cli-bot)

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

af761c0 #764 inc: fully capture prerelease identifier (#764) (@wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

0864b3c #753 add "release" inc type (#753) (@mbtools)

Bug Fixes

d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@eminberkayd, berkay.daglar)

8a34bde #754 add identifier validation to inc() (#754) (@mbtools)

Documentation

67e5478 #756 readme: added missing period for consistency (#756) (@shaymolcho)

868d4bb #749 clarify comment about obsolete prefixes (#749) (@mbtools, @ljharb)

Chores

145c554 #741 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

753e02b #747 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@dependabot[bot], @npm-cli-bot)

0b812d5 #744 postinstall for dependabot template-oss PR (@hashtagchris)

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

73a3d79 #726 optimize Range parsing and formatting (#726) (@jviide)

Documentation

2975ece #719 fix extra backtick typo (#719) (@stdavis)

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

6466ba9 #713 lru: use map.delete() directly (#713) (@negezor, @lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

... (truncated)

Changelog

Sourced from semver's changelog.

7.7.2 (2025-05-12)

Bug Fixes

fcafb61 #780 add missing 'use strict' directives (#780) (@Fdawgs)

c99f336 #781 prerelease identifier starting with digits (#781) (@mbtools)

Chores

c760403 #784 template-oss-apply for workflow permissions (#784) (@wraithgar)

2677f2a #778 bump @npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@dependabot[bot], @npm-cli-bot)

7.7.1 (2025-02-03)

Bug Fixes

af761c0 #764 inc: fully capture prerelease identifier (#764) (@wraithgar)

7.7.0 (2025-01-29)

Features

0864b3c #753 add "release" inc type (#753) (@mbtools)

Bug Fixes

d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@eminberkayd, berkay.daglar)

8a34bde #754 add identifier validation to inc() (#754) (@mbtools)

Documentation

67e5478 #756 readme: added missing period for consistency (#756) (@shaymolcho)

868d4bb #749 clarify comment about obsolete prefixes (#749) (@mbtools, @ljharb)

Chores

145c554 #741 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

753e02b #747 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@dependabot[bot], @npm-cli-bot)

0b812d5 #744 postinstall for dependabot template-oss PR (@hashtagchris)

7.6.3 (2024-07-16)

Bug Fixes

73a3d79 #726 optimize Range parsing and formatting (#726) (@jviide)

Documentation

2975ece #719 fix extra backtick typo (#719) (@stdavis)

7.6.2 (2024-05-09)

Bug Fixes

6466ba9 #713 lru: use map.delete() directly (#713) (@negezor, @lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

c570a34 #704 linting: no-unused-vars (@wraithgar)

ad8ff11 #704 use internal cache implementation (@mbtools)

ac9b357 #682 typo in compareBuild debug message (#682) (@mbtools)

... (truncated)

Commits

281055e chore: release 7.7.2 (#783)
fcafb61 fix: add missing 'use strict' directives (#780)
c760403 chore: template-oss-apply for workflow permissions (#784)
c99f336 fix: prerelease identifier starting with digits (#781)
2677f2a chore: bump @npmcli/template-oss from 4.23.6 to 4.24.3 (#778)
0b98655 chore: bump @npmcli/template-oss from 4.23.4 to 4.23.6 (#760)
30c438b chore: release 7.7.1 (#765)
af761c0 fix(inc): fully capture prerelease identifier (#764)
2cfcbb5 chore: release 7.7.0 (#750)
d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
Additional commits viewable in compare view

Updates sharp from 0.32.1 to 0.32.6

Changelog

Sourced from sharp's changelog.

v0.32.6 - 18th September 2023

Upgrade to libvips v8.14.5 for upstream bug fixes.

Ensure composite tile images are fully decoded (regression in 0.32.0). #3767

Ensure withMetadata can add ICC profiles to RGB16 output. #3773

Ensure withMetadata does not reduce 16-bit images to 8-bit (regression in 0.32.5). #3773

TypeScript: Add definitions for block and unblock. #3799 @ldrick

v0.32.5 - 15th August 2023

Upgrade to libvips v8.14.4 for upstream bug fixes.

TypeScript: Add missing WebpPresetEnum to definitions. #3748 @pilotso11

Ensure compilation using musl v1.2.4. #3755 @kleisauke

Ensure resize with a fit of inside respects 90/270 degree rotation. #3756

TypeScript: Ensure minSize property of WebpOptions is boolean. #3758 @sho-xizz

Ensure withMetadata adds default sRGB profile. #3761

v0.32.4 - 21st July 2023

Upgrade to libvips v8.14.3 for upstream bug fixes.

Expose ability to (un)block low-level libvips operations by name.

Prebuilt binaries: restore support for tile-based output. #3581

v0.32.3 - 14th July 2023

... (truncated)

Commits

eefaa99 Release v0.32.6
dbce6fa Upgrade to libvips v8.14.5
af0fcb3 Docs: changelog for #3799
c6f54e5 Bump devDeps
846563e TypeScript: add definitions for block and unblock (#3799)
9c217ab Ensure withMetadata can add RGB16 profiles #3773
e7381e5 Alternative fix for 4340d60, uses existing StaySequential
4340d60 Ensure composite tile images fully decoded #3767
7f64d46 Docs: add missing returns property to raw
67e927b Docs: ensure all functions include method signature #3777
Additional commits viewable in compare view

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by @romainmenke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by @remcohaszing).

8.4.21

Fixed Input#error types (by @hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by @romainmenke).

8.4.18

Fixed an error on absolute: true with empty sourceContent (by @KingSora).

8.4.17

Fixed Node.before() unexpected behavior (by @romainmenke).

Added TOC to docs (by @muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by Romain Menke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

Fixed Node.before() unexpected behavior (by Romain Menke).

Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

90208de Release 8.4.31 version
58cc860 Fix carrier return parsing
4fff8e4 Improve pnpm test output
cd43ed1 Update dependencies
caa916b Update dependencies
8972f76 Typo
11a5286 Typo
45c5501 Release 8.4.30 version
bc3c341 Update linter
b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
Additional commits viewable in compare view

Updates @babel/helpers from 7.20.7 to 7.27.4

Release notes

Sourced from @babel/helpers's releases.

v7.27.4 (2025-05-30)

👓 Spec Compliance

babel-parser, babel-plugin-proposal-explicit-resource-management

#17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

babel-parser

#17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17287 Reduce regenerator size more (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

#17334 Use shorter method names for regenerator context (@nicolo-ribaudo)

#17268 Reduce regenerator helper size (@liuxingbaoyu)

babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#17238 Split regeneratorRuntime into multiple helpers (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.27.3 (2025-05-27)

🐛 Bug Fix

babel-generator

#17324 Improve multiline comments handling in yield/await expression (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17328 Correctly set .displayName on GeneratorFunction (@nicolo-ribaudo)

babel-plugin-proposal-explicit-resource-management

#17319 fix: handle shadowed binding in for using of body (@JLHwung)

#17317 fix: support named evaluation for using declaration (@JLHwung)

babel-plugin-proposal-decorators, babel-types

#17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@magic-akari)

babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd

#17257 Preserve class id when transforming using declarations with exported class (@JLHwung)

babel-parser

#17312 fix(parser): properly handle optional markers in generator class methods (@magic-akari)

#17307 fix(parser): Terminate modifier parsing at newline (@magic-akari)

babel-generator, babel-parser

#17308 Improve import phase parsing (@JLHwung)

Committers: 7

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Vik R (@vikr01)

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

v7.27.4 (2025-05-30)

👓 Spec Compliance

babel-parser, babel-plugin-proposal-explicit-resource-management

#17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

babel-parser

#17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, bab... Description has been truncated

Bumps the npm_and_yarn group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@octokit/request-error](https://github.com/octokit/request-error.js) | `5.0.0` | `5.1.1` | | [express](https://github.com/expressjs/express) | `4.18.1` | `4.21.2` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` | | [next](https://github.com/vercel/next.js) | `13.4.12` | `15.2.4` | | [sharp](https://github.com/lovell/sharp) | `0.32.1` | `0.32.6` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.20.7` | `7.27.4` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.22.6` | `7.27.4` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.20.10` | `7.27.4` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cookie](https://github.com/jshttp/cookie) | `0.4.1` | `0.7.1` | | [cookie-parser](https://github.com/expressjs/cookie-parser) | `1.4.6` | `1.4.7` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.9` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [axios](https://github.com/axios/axios) | `0.27.2` | `1.9.0` | | [start-server-and-test](https://github.com/bahmutov/start-server-and-test) | `2.0.0` | `2.0.12` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.3` | Updates `@octokit/request-error` from 5.0.0 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v5.0.0...v5.1.1) Updates `express` from 4.18.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.1...4.21.2) Updates `http-proxy-middleware` from 2.0.6 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `next` from 13.4.12 to 15.2.4 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.12...v15.2.4) Updates `semver` from 7.5.4 to 7.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.4...v7.7.2) Updates `sharp` from 0.32.1 to 0.32.6 - [Release notes](https://github.com/lovell/sharp/releases) - [Changelog](https://github.com/lovell/sharp/blob/v0.32.6/docs/changelog.md) - [Commits](lovell/sharp@v0.32.1...v0.32.6) Updates `postcss` from 8.4.14 to 8.4.31 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.14...8.4.31) Updates `@babel/helpers` from 7.20.7 to 7.27.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.4/packages/babel-helpers) Updates `@babel/runtime` from 7.22.6 to 7.27.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.4/packages/babel-runtime) Updates `@babel/traverse` from 7.20.10 to 7.27.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.4/packages/babel-traverse) Updates `body-parser` from 1.20.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.0...1.20.3) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.4.1 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.1...v0.7.1) Updates `cookie-parser` from 1.4.6 to 1.4.7 - [Release notes](https://github.com/expressjs/cookie-parser/releases) - [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md) - [Commits](expressjs/cookie-parser@1.4.6...1.4.7) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `nanoid` from 3.3.4 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.4...3.3.11) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `axios` from 0.27.2 to 1.9.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.27.2...v1.9.0) Updates `start-server-and-test` from 2.0.0 to 2.0.12 - [Release notes](https://github.com/bahmutov/start-server-and-test/releases) - [Commits](bahmutov/start-server-and-test@v2.0.0...v2.0.12) Updates `tar-fs` from 2.1.1 to 2.1.3 - [Commits](https://github.com/mafintosh/tar-fs/commits) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-version: 5.1.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.2.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.7.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: sharp dependency-version: 0.32.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.4.31 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.27.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.27.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.27.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie-parser dependency-version: 1.4.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.9.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: start-server-and-test dependency-version: 2.0.12 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 2.1.3 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies javascript labels Jun 3, 2025

dependabot bot mentioned this pull request Jun 3, 2025

Bump the npm_and_yarn group across 1 directory with 23 updates #1

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 23 updates #2

Bump the npm_and_yarn group across 1 directory with 23 updates #2

Uh oh!

dependabot bot commented on behalf of github Jun 3, 2025

Uh oh!

Uh oh!

Bump the npm_and_yarn group across 1 directory with 23 updates #2

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 23 updates #2

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 3, 2025

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

v5.1.0

5.1.0 (2024-04-05)

Bug Fixes

Features

v5.0.1

5.0.1 (2023-09-23)

Bug Fixes

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

v2.0.9

What's Changed

v2.0.8

What's Changed

v2.0.7

v2.0.7-beta.1

v2.0.7-beta.0

v2.0.9

v2.0.8

v2.0.7

v15.1.8

Core Changes

Credits

v14.2.29

Core Changes

Credits

v14.2.28

Core Changes

Credits

v14.2.27

Core Changes

Credits

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

Chores

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

v7.7.0

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

Documentation

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

v7.6.1

7.6.1 (2024-05-04)

7.7.2 (2025-05-12)

Bug Fixes

Chores